250-AUTH LOGIN PLAIN & 250-AUTH=LOGIN PLAIN

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

250-AUTH LOGIN PLAIN & 250-AUTH=LOGIN PLAIN

Mohsen Pahlevanzadeh
Dear all,
when i use
telnet 0 587, i get the following result:
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 mail.pahlevanzadeh.info ESMTP Postfix
AND WHEN I USE EHLO COMMAND, I GET THE FOLLOWING RESULT:
ehlo localhost
250-mail.pahlevanzadeh.info
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

But i don't see two following lines in above:
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN


I attached my main.cf and my master.cf,
i have a newbie question: if i get good result, should i run dovecot?
second question: how i can see the two lines in the smtp result?


--mohsen

main.cf.list (2K) Download Attachment
master.cf.list (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: 250-AUTH LOGIN PLAIN & 250-AUTH=LOGIN PLAIN

Dominik George
Hi,

> But i don't see two following lines in above:
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN

have you upgraded Postfix to 2.10 recently?

In this case, you might have missed the smtpd_relay_restrictions change
pointed out in the release notes [1]:

> Feature 20121007] This version introduces the smtpd_relay_restrictions
> feature for mail relay control. The new built-in default settings
> are:
>
>     smtpd_relay_restrictions =
> permit_mynetworks
> reject_unauth_destination
>
>     smtpd_recipient_restrictions =
> ( optional spam blocking rules would go here )
Cheers,
Nik

[1] http://de.postfix.org/ftpmirror/official/postfix-2.10.0.RELEASE_NOTES

--
<Natureshadow> Auf welchem Server liegt das denn jetzt…?
<mirabilos> Wenn es nicht übers Netz kommt bei Hetzner, wenn es nicht
            gelesen wird bei STRATO, wenn es klappt bei manitu.

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

signature.asc (923 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: 250-AUTH LOGIN PLAIN & 250-AUTH=LOGIN PLAIN

Jeroen Geilman
In reply to this post by Mohsen Pahlevanzadeh
On 06/20/2013 11:19 AM, Mohsen Pahlevanzadeh wrote:
Dear all,
when i use 
telnet 0 587, i get the following result:
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 mail.pahlevanzadeh.info ESMTP Postfix
AND WHEN I USE EHLO COMMAND, I GET THE FOLLOWING RESULT:
ehlo localhost
250-mail.pahlevanzadeh.infousing
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

But i don't see two following lines in above:
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

That could mean one of three things: either you have not enabled SASL on port 587, or you have set "smtpd_tls_auth_only = yes" on port 587, which prevents AUTH before TLS, or you have enforced TLS, which has the same effect.

From main.cf:

	smtpd_sasl_auth_enable = yes
	smtpd_sasl_path = inet:localhost:1023
	smtpd_sasl_security_options = noanonymous
	smtpd_sasl_type = dovecot
	smtpd_tls_auth_only = no
From your master.cf entry for submission:
	submission inet  n       -       -       -       -       smtpd 
		-o smtpd_tls_security_level=encrypt 

It's reason #3: you enforce TLS on submission.

I attached my main.cf and my master.cf,
i have a newbie question: if i get good result, should i run dovecot?

Dovecot serves several functions, two or three of which can be integrated with postfix.
If you're using dovecot as your SASL provider, you're already running it.

second question: how i can see the two lines in the smtp result?

You do not want to see those two lines before TLS.

You can test an encrypted connection using the openssl s_client subcommand; you should see the AUTH entries after you have completed STARTTLS.


-- 
J.